Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 2 | ||||
-rw-r--r-- | lib/l10n/et_EE.js | 1 | ||||
-rw-r--r-- | lib/l10n/et_EE.json | 1 | ||||
-rw-r--r-- | lib/private/appframework/utility/controllermethodreflector.php | 22 | ||||
-rw-r--r-- | lib/private/eventsource.php | 2 | ||||
-rw-r--r-- | lib/private/json.php | 2 | ||||
-rw-r--r-- | lib/private/util.php | 22 | ||||
-rw-r--r-- | lib/public/util.php | 4 |
8 files changed, 20 insertions, 36 deletions
diff --git a/lib/base.php b/lib/base.php index ce4546e8fa3..34cbfe3066c 100644 --- a/lib/base.php +++ b/lib/base.php @@ -1060,7 +1060,7 @@ class OC { return false; } - if(!OC_Util::isCallRegistered()) { + if(!(\OC::$server->getRequest()->passesCSRFCheck())) { return false; } OC_App::loadApps(); diff --git a/lib/l10n/et_EE.js b/lib/l10n/et_EE.js index eaf98861f23..ab56f6f920a 100644 --- a/lib/l10n/et_EE.js +++ b/lib/l10n/et_EE.js @@ -33,6 +33,7 @@ OC.L10N.register( "web services under your control" : "veebitenused sinu kontrolli all", "Empty filename is not allowed" : "Tühi failinimi pole lubatud", "Dot files are not allowed" : "Punktiga failid pole lubatud", + "File name is a reserved word" : "Failinimi sisaldab keelatud sõna", "File name contains at least one invalid character" : "Faili nimesonvähemalt üks keelatud märk", "File name is too long" : "Faili nimi on liiga pikk", "Can't read file" : "Faili lugemine ebaõnnestus", diff --git a/lib/l10n/et_EE.json b/lib/l10n/et_EE.json index 7d28a75c59e..c67c0578626 100644 --- a/lib/l10n/et_EE.json +++ b/lib/l10n/et_EE.json @@ -31,6 +31,7 @@ "web services under your control" : "veebitenused sinu kontrolli all", "Empty filename is not allowed" : "Tühi failinimi pole lubatud", "Dot files are not allowed" : "Punktiga failid pole lubatud", + "File name is a reserved word" : "Failinimi sisaldab keelatud sõna", "File name contains at least one invalid character" : "Faili nimesonvähemalt üks keelatud märk", "File name is too long" : "Faili nimi on liiga pikk", "Can't read file" : "Faili lugemine ebaõnnestus", diff --git a/lib/private/appframework/utility/controllermethodreflector.php b/lib/private/appframework/utility/controllermethodreflector.php index 63cf5ac24f0..1118332f930 100644 --- a/lib/private/appframework/utility/controllermethodreflector.php +++ b/lib/private/appframework/utility/controllermethodreflector.php 
@@ -60,16 +60,18 @@ class ControllerMethodReflector implements IControllerMethodReflector{ // extract type parameter information preg_match_all('/@param\h+(?P<type>\w+)\h+\$(?P<var>\w+)/', $docs, $matches); - // this is just a fix for PHP 5.3 (array_combine raises warning if called with - // two empty arrays - if($matches['var'] === array() && $matches['type'] === array()) { - $this->types = array(); - } else { - $this->types = array_combine($matches['var'], $matches['type']); - } + $this->types = array_combine($matches['var'], $matches['type']); - // get method parameters foreach ($reflection->getParameters() as $param) { + // extract type information from PHP 7 scalar types and prefer them + // over phpdoc annotations + if (method_exists($param, 'getType')) { + $type = $param->getType(); + if ($type !== null) { + $this->types[$param->getName()] = (string) $type; + } + } + if($param->isOptional()) { $default = $param->getDefaultValue(); } else { @@ -82,9 +84,9 @@ class ControllerMethodReflector implements IControllerMethodReflector{ /** * Inspects the PHPDoc parameters for types - * @param string $parameter the parameter whose type comments should be + * @param string $parameter the parameter whose type comments should be * parsed - * @return string|null type in the type parameters (@param int $something) + * @return string|null type in the type parameters (@param int $something) * would return int or null if not existing */ public function getType($parameter) { diff --git a/lib/private/eventsource.php b/lib/private/eventsource.php index c076b87ddd9..0e98bdc2628 100644 --- a/lib/private/eventsource.php +++ b/lib/private/eventsource.php @@ -76,7 +76,7 @@ class OC_EventSource implements \OCP\IEventSource { } else { header("Content-Type: text/event-stream"); } - if (!OC_Util::isCallRegistered()) { + if (!(\OC::$server->getRequest()->passesCSRFCheck())) { $this->send('error', 'Possible CSRF attack. Connection will be closed.'); $this->close(); exit(); 
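Review bot: The block added inside the `foreach` copies every declared parameter type into `$this->types`, not only the scalar types its comment mentions, so an `array`, `callable` or class type hint now replaces the PHPDoc `@param` type as well. If this map decides how request parameters are cast downstream (not visible in this hunk), that silently changes the cast for such parameters; consider limiting the override with `if ($type !== null && $type->isBuiltin()) {`, or reword the comment to `// prefer declared parameter types over phpdoc annotations`. The string form of a nullable type can also differ between PHP versions, so a test with a nullable scalar parameter would be worth adding. The enclosing method starts before the hunk and continues after it.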
diff --git a/lib/private/json.php b/lib/private/json.php index eba374f4da2..0bf4e8bcd01 100644 --- a/lib/private/json.php +++ b/lib/private/json.php @@ -76,7 +76,7 @@ class OC_JSON{ * @deprecated Use annotation based CSRF checks from the AppFramework instead */ public static function callCheck() { - if( !OC_Util::isCallRegistered()) { + if( !(\OC::$server->getRequest()->passesCSRFCheck())) { $l = \OC::$server->getL10N('lib'); self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' ))); exit(); diff --git a/lib/private/util.php b/lib/private/util.php index 12146f6980b..c9738b29ca1 100644 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -1127,7 +1127,6 @@ class OC_Util { * Creates a 'request token' (random) and stores it inside the session. * Ever subsequent (ajax) request must use such a valid token to succeed, * otherwise the request will be denied as a protection against CSRF. - * @see OC_Util::isCallRegistered() */ public static function callRegister() { // Use existing token if function has already been called @@ -1155,27 +1154,6 @@ class OC_Util { } /** - * Check an ajax get/post call if the request token is valid. - * - * @return boolean False if request token is not set or is invalid. - * @see OC_Util::callRegister() - */ - public static function isCallRegistered() { - return \OC::$server->getRequest()->passesCSRFCheck(); - } - - /** - * Check an ajax get/post call if the request token is valid. Exit if not. - * - * @return void - */ - public static function callCheck() { - if (!OC_Util::isCallRegistered()) { - exit(); - } - } - - /** * Public function to sanitize HTML * * This function is used to sanitize HTML and should be applied on any diff --git a/lib/public/util.php b/lib/public/util.php index a9fe0e47de6..493aa0000a5 100644 --- a/lib/public/util.php +++ b/lib/public/util.php 
@@ -494,7 +494,9 @@ class Util { * @since 4.5.0 */ public static function callCheck() { - \OC_Util::callCheck(); + if (!(\OC::$server->getRequest()->passesCSRFCheck())) { + exit(); + } } /** |
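Review bot: `callCheck()` ends the request with a bare `exit();` when `passesCSRFCheck()` fails, so the client gets an empty response with whatever status is already set, and nothing is recorded for anyone monitoring rejected requests. Now that the body lives here rather than in `OC_Util::callCheck()`, it would be cheap to set a status first, e.g. `http_response_code(403);` before `exit();`, and to state in the docblock that the method terminates the request on failure. `OC_JSON::callCheck()` in this same commit answers the same condition with a `token_expired` error, so the two entry points behave differently.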